Use AD account rather than internal for ISE

Hello Team,

Can anyone share a Cisco document which states that "it is best practice to create user account in AD rather than using internal user account for device administration"?

Thanks in advance.

1 Reply

Colby LeMaire
VIP Alumni

I don't think you will find a document that states using AD over an internal account is a best practice.  It really depends on your environment.  The benefit of using AD over internal is that you only have one identity store where all accounts are stored and one place for their passwords.  You can also use the existing groups within AD for RBAC instead of having to create that within ISE.  When users have accounts/passwords in multiple systems, it becomes more difficult to remember all of the passwords, especially when there is a requirement to change the passwords regularly (i.e. every 90 days).  So you end up in a situation where users will write passwords down, or just get frustrated having to reset forgotten passwords all of the time.  You can still use local accounts in ISE as a backup, in case AD is down or the connection between ISE and AD is not working.  Hope that helps.